04-12-2014 08:26 AM
Hello,
I bought a few weeks ago two C892FSP-K9.
When I bought it, I said it was to link 2 to 3 sites all together throught VPN site-to-Site. Those devices can have up to 50 VPN tunnel. I am not shure yet how to implement the ipsec tunnel vpn capability, but I am not sure that I have all the settings available.
Here is what I mean and the result of the "crypto ?" command:
(config)#crypto ?
key Long term key operations
pki Public Key components
provisioning Secure Device Provisioning
wui Crypto HTTP configuration interfaces
In this list of available commande, I do not have
isakmp
In all the exemple I found in Internet to make a tunnel, they use isakmp. So if it is not avalable, How can I do?
By the way, do I have to do, activate something somewhere to have access to isakmp?
Thanks?
04-12-2014 09:05 AM
Hi,
Nowadays, Cisco sells a separate security license (PAK) for ISR G2 routers.
Try to issue a 'show version' to see if there's a permanent security license installed. If it says none (under security), then you'll have to order.
04-12-2014 10:52 AM
Hi,
Thanks for the answer.
Show vertion gives me this.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco C892FSP-K9 (revision 1.0) with 488524K/35763K bytes of memory.
Processor board ID FCZ1803C202
10 Gigabit Ethernet interfaces
DRAM configuration is 32 bits wide
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 C892FSP-K9 ************
License Information for 'c800'
License Level: advipservices_npe Type: Permanent
Next reboot license Level: advipservices_npe
It should be Here?
Thanks
04-12-2014 05:24 PM
Hi,
You'll see it under UDI info and right before the config-register.
It look something like this:
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102
i recently installed a security license key on one of our 2911 to establish an IPsec VPN tunnel.
hope this link might help:
http://wannabelab.blogspot.com/2014/04/using-cisco-router-as-tftp-server.html
04-14-2014 07:37 AM
Hi,
I have contacted my reseler who tells me that the VPN for 50 tunnels comes with the device.
Look at the attached picture.
I have look in many different website an see that to do a vpn site to site link, I need this command "isakmp".
Is there another way to do it with either:
key Long term key operations
pki Public Key components
provisioning Secure Device Provisioning
wui Crypto HTTP configuration interfaces
Thanks for the answer.
Vandman
04-21-2014 02:44 AM
Hi,
I have found the solution. It seems that my devices were shiped with this IOS:
c800-universalk9_npe-mz.SPA.153-2.T.bin
I did not have the equivalent of advsecurity feature in it.
So Someone from Cisco send me this IOS:
c800-universalk9-mz.SPA.152-4.M6.bin
And all came back to normal... Now I have this:
(config)#crypto ?
batch Crypto Batch Processing
call Configure Crypto Call Admission Control
ctcp Configure cTCP encapsulation
dynamic-map Specify a dynamic crypto map template
engine Enter a crypto engine configurable menu
gdoi Configure GDOI policy
identity Enter a crypto identity list
ikev2 Configure IKEv2 Options
ipsec Configure IPSEC policy
isakmp Configure ISAKMP policy
key Long term key operations
keyring Key ring commands
logging logging messages
map Enter a crypto map
mib Configure Crypto-related MIB Parameters
pki Public Key components
provisioning Secure Device Provisioning
vpn Configure crypto vpn commands
wui Crypto HTTP configuration interfaces
xauth X-Auth parameters
Thanks For those who tried to help me.
Vandman
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: